Spring Security Tutorial does not work with Tomcat Server
I made this tutorial https://spring.io/guides/gs/securing-web/ which uses SpringBoot and SpringSecurity for WebApplication. As described in the tutorial, the entire project is run through the main class and set up with auto setup.
My goal is to use the exact same thing that works on Tomcat Server (I am using IntelliJ IDEA). Everything runs without any errors, but somehow I am not redirected to the login page if I go to the "hello" page. Instead, it shows me Hello null !. I see the following in the debug log:
10:34:06.102 [http-apr-8080-exec-5] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcher' processing GET request for [/hello]
10:34:06.103 [http-apr-8080-exec-5] DEBUG o.s.w.s.h.SimpleUrlHandlerMapping - Mapping [/hello] to HandlerExecutionChain with handler [org.springframework.web.servlet.mvc.ParameterizableViewController@225a46d1] and 1 interceptor
10:34:06.103 [http-apr-8080-exec-5] DEBUG o.s.web.servlet.DispatcherServlet - Last-Modified value for [/hello] is: -1
10:34:06.103 [http-apr-8080-exec-5] DEBUG o.s.w.s.v.ContentNegotiatingViewResolver - Requested media types are [text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8] based on Accept header types and producible media types [*/*])
10:34:06.103 [http-apr-8080-exec-5] DEBUG o.s.w.s.view.BeanNameViewResolver - No matching bean found for view name 'hello'
10:34:06.103 [http-apr-8080-exec-5] DEBUG o.s.w.s.v.ContentNegotiatingViewResolver - Returning [org.thymeleaf.spring4.view.ThymeleafView@2c9dacea] based on requested media type 'text/html'
10:34:06.104 [http-apr-8080-exec-5] DEBUG o.s.web.servlet.DispatcherServlet - Rendering view [org.thymeleaf.spring4.view.ThymeleafView@2c9dacea] in DispatcherServlet with name 'dispatcher'
10:34:06.104 [http-apr-8080-exec-5] DEBUG o.s.b.f.s.DefaultListableBeanFactory - Returning cached instance of singleton bean 'requestDataValueProcessor'
10:34:06.104 [http-apr-8080-exec-5] DEBUG org.thymeleaf.TemplateEngine - [THYMELEAF][http-apr-8080-exec-5] STARTING PROCESS OF TEMPLATE "hello" WITH LOCALE de
10:34:06.104 [http-apr-8080-exec-5] DEBUG org.thymeleaf.TemplateEngine - [THYMELEAF][http-apr-8080-exec-5] Starting process on template "hello" using mode "HTML5"
10:34:06.104 [http-apr-8080-exec-5] DEBUG org.thymeleaf.TemplateEngine - [THYMELEAF][http-apr-8080-exec-5] Finished process on template "hello" using mode "HTML5"
10:34:06.104 [http-apr-8080-exec-5] DEBUG org.thymeleaf.TemplateEngine - [THYMELEAF][http-apr-8080-exec-5] FINISHED PROCESS AND OUTPUT OF TEMPLATE "hello" WITH LOCALE de
10:34:06.104 [http-apr-8080-exec-5] DEBUG org.thymeleaf.TemplateEngine.TIMER - [THYMELEAF][http-apr-8080-exec-5][hello][de][644609][1] TEMPLATE "hello" WITH LOCALE de PROCESSED IN 644609 nanoseconds (approx. 1ms)
10:34:06.104 [http-apr-8080-exec-5] DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
I want to have a clean java config and set it up according to Spring Docs .
My AppConfig looks like this:
@EnableAutoConfiguration //do magic
@Configuration
@ComponentScan("de.visargue")
@Import({MvcConfig.class, SecurityConfig.class})
public class AppConfig {
public static void main(String[] args) throws Throwable {
SpringApplication.run(AppConfig.class, args);
}
}
SecurityConfig looks like the tutorial. From debugging, I can see that these methods are executed when the war is deployed. However, the redirect to the login page no longer works.
By clicking on logout, the output shows that no handler was found.
10:42:07.653 [http-apr-8080-exec-7] DEBUG o.s.web.servlet.DispatcherServlet - DispatcherServlet with name 'dispatcher' processing POST request for [/logout]
10:42:07.653 [http-apr-8080-exec-7] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Looking up handler method for path /logout
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.w.s.m.m.a.RequestMappingHandlerMapping - Did not find handler method for [/logout]
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.w.s.h.SimpleUrlHandlerMapping - Matching patterns for request [/logout] are [/**]
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.w.s.h.SimpleUrlHandlerMapping - URI Template variables for request [/logout] are {}
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.w.s.h.SimpleUrlHandlerMapping - Mapping [/logout] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@45dfaa56] and 1 interceptor
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.w.s.m.a.ResponseStatusExceptionResolver - Resolving exception from handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@45dfaa56]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.w.s.m.s.DefaultHandlerExceptionResolver - Resolving exception from handler [org.springframework.web.servlet.resource.ResourceHttpRequestHandler@45dfaa56]: org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported
10:42:07.654 [http-apr-8080-exec-7] WARN o.s.web.servlet.PageNotFound - Request method 'POST' not supported
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.web.servlet.DispatcherServlet - Null ModelAndView returned to DispatcherServlet with name 'dispatcher': assuming HandlerAdapter completed request handling
10:42:07.654 [http-apr-8080-exec-7] DEBUG o.s.web.servlet.DispatcherServlet - Successfully completed request
Can someone explain to me why the whole installation works when I run the project using the main method, but not when it is deployed as a war to the tomcat server?
source to share
I found a solution. For WAR, you need to add one more class. I added mine to my config package where other config classes reside.
import org.springframework.security.web.context.*;
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
That's all you need to make it work.
This tutorial describes: http://docs.spring.io/autorepo/docs/spring-security/3.2.x/guides/hellomvc.html#registering-spring-security-with-the-war
source to share